may_control

Dwight Engen Mon, 30 Sep 2013 06:55:00 -0700

On Fri, 27 Sep 2013 21:01:07 -0500
Serge Hallyn <serge.hal...@ubuntu.com> wrote:


> This is an api function which will return false if the container
> is running, and the caller may not talk to its monitor over its
> command socket.  Otherwise - if the container is not running, or
> the caller may access it - it returns true.
> 
> We can use this in several tools early on to prevent the segvs
> etc which we currently get.
> 
> Signed-off-by: Serge Hallyn <serge.hal...@ubuntu.com>

Acked-by: Dwight Engen <dwight.en...@oracle.com>

> ---
>  src/lxc/commands.c      | 30 ++++++++++++++++++++++++++++++
>  src/lxc/commands.h      |  1 +
>  src/lxc/lxccontainer.c  |  6 ++++++
>  src/lxc/lxccontainer.h  |  6 ++++++
>  src/tests/Makefile.am   |  6 ++++--
>  src/tests/may_control.c | 46
> ++++++++++++++++++++++++++++++++++++++++++++++ 6 files changed, 93
> insertions(+), 2 deletions(-) create mode 100644
> src/tests/may_control.c
> 
> diff --git a/src/lxc/commands.c b/src/lxc/commands.c
> index 7c538c6..fa6e3fb 100644
> --- a/src/lxc/commands.c
> +++ b/src/lxc/commands.c
> @@ -291,6 +291,36 @@ out:
>       return ret;
>  }
>  
> +int lxc_try_cmd(const char *name, const char *lxcpath)
> +{
> +     int stopped, ret;
> +     struct lxc_cmd_rr cmd = {
> +             .req = { .cmd = LXC_CMD_GET_INIT_PID },
> +     };
> +
> +     ret = lxc_cmd(name, &cmd, &stopped, lxcpath);
> +
> +     if (stopped)
> +             return 0;
> +     if (ret > 0 && cmd.rsp.ret < 0) {
> +             errno = cmd.rsp.ret;
> +             return -1;
> +     }
> +     if (ret > 0)
> +             return 0;
> +
> +     /*
> +      * At this point we weren't denied access, and the
> +      * container *was* started.  There was some inexplicable
> +      * error in the protocol.
> +      * I'm not clear on whether we should return -1 here, but
> +      * we didn't receive a -EACCES, so technically it's not that
> +      * we're not allowed to control the container - it's just not
> +      * behaving.
> +      */
> +     return 0;
> +}
> +
>  /* Implentations of the commands and their callbacks */
>  
>  /*
> diff --git a/src/lxc/commands.h b/src/lxc/commands.h
> index 2c0258c..7829aef 100644
> --- a/src/lxc/commands.h
> +++ b/src/lxc/commands.h
> @@ -88,5 +88,6 @@ extern int lxc_cmd_init(const char *name, struct
> lxc_handler *handler, const char *lxcpath);
>  extern int lxc_cmd_mainloop_add(const char *name, struct
> lxc_epoll_descr *descr, struct lxc_handler *handler);
> +extern int lxc_try_cmd(const char *name, const char *lxcpath);
>  
>  #endif /* __commands_h */
> diff --git a/src/lxc/lxccontainer.c b/src/lxc/lxccontainer.c
> index 1b3f2f5..060bb70 100644
> --- a/src/lxc/lxccontainer.c
> +++ b/src/lxc/lxccontainer.c
> @@ -2589,6 +2589,11 @@ static bool lxcapi_snapshot_restore(struct
> lxc_container *c, char *snapname, cha return b;
>  }
>  
> +static bool lxcapi_may_control(struct lxc_container *c)
> +{
> +     return lxc_try_cmd(c->name, c->config_path) == 0;
> +}
> +
>  static int lxcapi_attach_run_waitl(struct lxc_container *c,
> lxc_attach_options_t *options, const char *program, const char
> *arg, ...) { va_list ap;
> @@ -2708,6 +2713,7 @@ struct lxc_container *lxc_container_new(const
> char *name, const char *configpath c->snapshot = lxcapi_snapshot;
>       c->snapshot_list = lxcapi_snapshot_list;
>       c->snapshot_restore = lxcapi_snapshot_restore;
> +     c->may_control = lxcapi_may_control;
>  
>       /* we'll allow the caller to update these later */
>       if (lxc_log_init(NULL, "none", NULL, "lxc_container", 0,
> c->config_path)) { diff --git a/src/lxc/lxccontainer.h
> b/src/lxc/lxccontainer.h index 225fb39..20ab8e8 100644
> --- a/src/lxc/lxccontainer.h
> +++ b/src/lxc/lxccontainer.h
> @@ -223,6 +223,12 @@ struct lxc_container {
>        * Returns true on success, false on failure.
>        */
>       bool (*snapshot_restore)(struct lxc_container *c, char
> *snapname, char *newname); +
> +     /*
> +      * Return false if there is a control socket for the
> container monitor,
> +      * and the caller may not access it.  Return true otherwise.
> +      */
> +     bool (*may_control)(struct lxc_container *c);
>  };
>  
>  struct lxc_snapshot {
> diff --git a/src/tests/Makefile.am b/src/tests/Makefile.am
> index 8157407..479facc 100644
> --- a/src/tests/Makefile.am
> +++ b/src/tests/Makefile.am
> @@ -19,6 +19,7 @@ lxc_usernic_test_SOURCES
> = ../lxc/lxc_user_nic.c ../lxc/nl.c lxc_usernic_test_CFLAGS = -DISTEST
>  lxc_test_snapshot_SOURCES = snapshot.c
>  lxc_test_concurrent_SOURCES = concurrent.c
> +lxc_test_may_control_SOURCES = may_control.c
>  
>  AM_CFLAGS=-I$(top_srcdir)/src \
>       -DLXCROOTFSMOUNT=\"$(LXCROOTFSMOUNT)\" \
> @@ -31,7 +32,7 @@ bin_PROGRAMS = lxc-test-containertests
> lxc-test-locktests lxc-test-startone \ lxc-test-destroytest
> lxc-test-saveconfig lxc-test-createtest \ lxc-test-shutdowntest
> lxc-test-get_item lxc-test-getkeys lxc-test-lxcpath \ lxc-test-cgpath
> lxc-test-clonetest lxc-test-console lxc-usernic-test \
> -     lxc-test-snapshot lxc-test-concurrent
> +     lxc-test-snapshot lxc-test-concurrent lxc-test-may-control
>  
>  bin_SCRIPTS = lxc-test-usernic
>  
> @@ -53,4 +54,5 @@ EXTRA_DIST = \
>       console.c \
>       lxc-test-usernic \
>       snapshot.c \
> -     concurrent.c
> +     concurrent.c \
> +     may_control.c
> diff --git a/src/tests/may_control.c b/src/tests/may_control.c
> new file mode 100644
> index 0000000..c176087
> --- /dev/null
> +++ b/src/tests/may_control.c
> @@ -0,0 +1,46 @@
> +/* control.c
> + *
> + * Copyright © 2013 Canonical, Inc
> + * Author: Serge Hallyn <serge.hal...@ubuntu.com>
> + *
> + * This program is free software; you can redistribute it and/or
> modify
> + * it under the terms of the GNU General Public License version 2, as
> + * published by the Free Software Foundation.
> + *
> + * This program is distributed in the hope that it will be useful,
> + * but WITHOUT ANY WARRANTY; without even the implied warranty of
> + * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
> + * GNU General Public License for more details.
> + *
> + * You should have received a copy of the GNU General Public License
> along
> + * with this program; if not, write to the Free Software Foundation,
> Inc.,
> + * 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
> + */
> +
> +#include <stdio.h>
> +#include <stdlib.h>
> +#include <lxc/lxccontainer.h>
> +
> +void usage(char *me)
> +{
> +     printf("Usage: %s name [lxcpath]\n", me);
> +     exit(0);
> +}
> +
> +int main(int argc, char *argv[])
> +{
> +     char *lxcpath = NULL, *name;
> +     bool may = false;
> +     struct lxc_container *c;
> +
> +     if (argc < 2)
> +             usage(argv[0]);
> +     name = argv[1];
> +     if (argc == 3)
> +             lxcpath = argv[2];
> +     c = lxc_container_new(name, lxcpath);
> +     if (c)
> +             may = c->may_control(c);
> +     printf("You may%s control %s\n", may ? "" : " not", name);
> +     exit(may ? 0 : 1);
> +}


------------------------------------------------------------------------------
October Webinars: Code for Performance
Free Intel webinars can help you accelerate application performance.
Explore tips for MPI, OpenMP, advanced profiling, and more. Get the most from 
the latest Intel processors and coprocessors. See abstracts and register >
http://pubads.g.doubleclick.net/gampad/clk?id=60133471&iu=/4140/ostg.clktrk
_______________________________________________
Lxc-devel mailing list
Lxc-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/lxc-devel

Re: [lxc-devel] [PATCH 1/1] add c->may_control

Reply via email to